ImageMagick - Security Vulnerability Exposes Websites to Exploit

A security vulnerability was recently found by an end user named Stewie. It affects ImageMagick, a popular free and open source program that websites use to process images.

If your website processes user-submitted images, as content management systems such as WordPress do, then it might be at risk of remote code execution. An exploit for this security vulnerability is presently being used on the internet. There are two possible quick solutions to this exploit.

* Verify that image files begin with the expected magic bytes before sending them to ImageMagick for processing
* Use a policy file to disable this ImageMagick vulnerability
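For the first option, the check can be done on the file's leading bytes before ImageMagick is ever invoked. The following is an added example, not code from the original article or from ImageMagick; the allowed formats, the names `sniff_format` and `safe_convert`, and the sample byte strings are assumptions made for illustration, and the paths are assumed to be server-generated rather than user-supplied.

```python
import subprocess

# Leading-byte signatures for the formats this hypothetical site accepts.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Constructed sample inputs (not real uploads).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
SAMPLE_TEXT = b"viewbox 0 0 1 1\n"  # a text file uploaded under an image name


def sniff_format(data: bytes):
    """Return the allowed format whose signature starts `data`, else None."""
    for fmt, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return fmt
    return None


def safe_convert(src_path: str, dst_path: str) -> str:
    """Run ImageMagick only on files whose content matches an allowed type."""
    with open(src_path, "rb") as fh:
        head = fh.read(16)
    fmt = sniff_format(head)
    if fmt is None:
        # Reject on content, regardless of the extension the uploader chose.
        raise ValueError("rejected: content is not PNG, JPEG or GIF")
    # The "fmt:" prefix pins the decoder to the sniffed type, so the file
    # name cannot select a different coder. Arguments are passed as a list,
    # so no shell is involved.
    subprocess.run(["convert", f"{fmt}:{src_path}", dst_path], check=True)
    return fmt
```

The check complements the policy file rather than replacing it: it rejects uploads whose content is not one of the expected image types, while the policy file blocks the vulnerable coders for everything that does reach ImageMagick.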

The global ImageMagick policy file is usually found in /etc/imagemagick. Also, below is an example policy.xml policy file that will block any vulnerable ImageMagick coders:

You can find more detailed information about these security vulnerabilities at ImageTragick.com. ImageMagick support is fully aware of these potential exploits and recommended the aforementioned policy file. If you have either ImageMagick version 6.9.3-10 or 7.0.1-1, then these policy coders have already been secured.

You can verify your ImageMagick policies with this command:

-> convert -list policy
